The phenomenon known as Twitter continues to grow at a rapid pace, with official numbers showing a 900 percent increase in active users from 2007 to 2008. The site is all about building networks of contacts and sharing teeny-weeny bits of information (posts are limited to 140 characters) called microblogs...


Your first reaction is probably that this sounds like a pointless waste of time—and for many it is—but Twitter can be quite helpful if you want to receive news updates, promote your business, and connect with colleagues and friends. For more information on Twitter and how it can help you and your business, see Five Ways Twitter Can Help Your Business.

 As great a tool as Twitter is, there are some significant security risks due to its very nature. As a result of imposing a 140 character limit on each tweet, users replace real URLs with shortened ones, such as those created by the services TinyURL or Bit.ly. This is a major vulnerability: Those who read the tweets have no way of knowing where the link leads until after they click it, making it extremely easy for mischief makers to funnel traffic to malicious Web sites, which are then used to infect the user's computer with malware. How can you be careful about which links you follow if you've no way of knowing where they go? Actually, users of TweetDeck and DestroyTwitter can preview the real link. I definitely recommend using one of these; clicking on a link that leads to a site that automatically loads malware onto your computer is disastrous. If you use TweetDeck, set the option in the General Settings tab to Show preview information for short URLs; DestroyTwitter will preview a URL if you Alt-Click on the link. 

Currently, there is no e-mail verification required when new users set up a Twitter account. Let that sink in for a second. Every other service I can think of requires you to confirm your registration by clicking on a link in an e-mail. I could set up a Twitter account for myself claiming to be, say, John Travolta—and enter John's e-mail address knowing he won't be called upon to verify anything. It's hard to imagine an easier system in which to create counterfeit accounts. Of course, this can be done on other social-networking sites. I once stole my friend's identity for a story, but making it this easy is practically inviting fraudsters to take advantage.
To make Twitter work for you, you need to build a network of those you follow and those who follow you. However, because no identity verification is needed to open an account, how do you know that the person following you is who he or she purports to be? Most people are so happy to get a new follower that they automatically follow back. The problem with this is that fraudsters set up accounts and start following anyone and everyone. When they get followed back, this gives them credibility (if he has 250 followers, then he must be for real—not!) which makes it easier to sucker in the next guy.
And finally, never forget that whatever you tweet is public, unless you've locked down your profile—which very few users do because the point is, after all, to attract attention. If you don't let anyone read your tweets, then you're not doing a very good job of attracting attention. Tweets you might not want the whole world to read include "Just started negotiating contract with customer XYZ," "I live at 742 Evergreen Terrace and will be out of town for a month," or "I'm meeting with a vendor. Damn, this guy is stupid and boring!"

But What Harm Could There Be? 

There are any number of ways you can be attacked on Twitter. The first is when someone new follows you, so you check out the follower's profile, which contains a link to that person's blog, which then serves up a malware drive-by download. Or the new follower sends you a direct message about how you can get a free Nintendo Wii if you click a link. The only thing you'll really get is malware.
Another common scenario involves someone tweeting a link to a site that's "a great Twitter utility." You click the shortened link (remember, you have no idea where a shortened link is truly going to take you) and end up at a site promising 1,000 new followers in 24 hours—all you have to do is enter your Twitter username and password. As a side note, since study after study has shown that most people use the same username and password combination on most of the sites they are registered with, you've now given away not just your Twitter account info but maybe also your banking, brokerage, and e-mail account info.
How can you protect yourself?
  1. Know which accounts are in your network and to whom they really belong. Check out every new follower. If any of their tweets or profile information look suspicious, block them.
  2. Consider the source of a link before clicking on it. Use a Twitter client like TweetDeck to peek at preshrunk URLs, and understand that there's no way to prevent 100 percent of the drive-by downloads. Even if you're the curious type, try to put your need to know in perspective: Is even the most awesome video ever (or the most expensive "prize") worth the risk of becoming a spam bot?
  3. Treat your tweets as public. Don't tweet sensitive information.
  4. Do not use Twitter as a hook-up venue. I guarantee you that every profile from a sexy 18-year-old begging you to "click this link and get to know me" is a fraud. At best you're funding some sort of advertising click-fraud. At worst you're about to get infected with malware.
  5. Never provide your Twitter username and password (or any username and password) to anyone.
  6. If you sign up to follow someone and that person immediately direct-messages you with a "how I made a million dollars in 24 hours on Twitter" scheme, block that account as soon as you can.

Twitter has a long way to go before it can be considered a secure environment. You'll have to protect yourself until it gets there.


 
